runc container escape via "masked path" abuse due to mount race conditions
Description
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/opencontainers/runcGo | < 1.2.8 | 1.2.8 |
github.com/opencontainers/runcGo | >= 1.3.0-rc.1, < 1.3.3 | 1.3.3 |
github.com/opencontainers/runcGo | >= 1.4.0-rc.1, < 1.4.0-rc.3 | 1.4.0-rc.3 |
Affected products
298- osv-coords297 versionspkg:apk/chainguard/azure-vnet-cnipkg:apk/chainguard/buildahpkg:apk/chainguard/cluster-autoscaler-1.31pkg:apk/chainguard/cluster-autoscaler-fips-1.31pkg:apk/chainguard/eks-distro-1.30pkg:apk/chainguard/eks-distro-1.31pkg:apk/chainguard/eks-distro-1.32pkg:apk/chainguard/eks-distro-coredns-1.30pkg:apk/chainguard/eks-distro-coredns-1.31pkg:apk/chainguard/eks-distro-coredns-1.32pkg:apk/chainguard/eks-distro-coredns-fips-1.29pkg:apk/chainguard/eks-distro-coredns-fips-1.30pkg:apk/chainguard/eks-distro-fips-1.29pkg:apk/chainguard/eks-distro-fips-1.30pkg:apk/chainguard/eks-distro-kube-apiserver-1.30pkg:apk/chainguard/eks-distro-kube-apiserver-1.31pkg:apk/chainguard/eks-distro-kube-apiserver-1.32pkg:apk/chainguard/eks-distro-kube-apiserver-fips-1.29pkg:apk/chainguard/eks-distro-kube-apiserver-fips-1.30pkg:apk/chainguard/eks-distro-kube-controller-manager-1.30pkg:apk/chainguard/eks-distro-kube-controller-manager-1.31pkg:apk/chainguard/eks-distro-kube-controller-manager-1.32pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.29pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.30pkg:apk/chainguard/eks-distro-kube-controller-manager-fips-1.32pkg:apk/chainguard/eks-distro-kube-proxy-1.30pkg:apk/chainguard/eks-distro-kube-proxy-1.31pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.29pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.30pkg:apk/chainguard/eks-distro-kube-proxy-fips-1.32pkg:apk/chainguard/eks-distro-kubernetes-csi-external-attacher-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-attacher-1.31pkg:apk/chainguard/eks-distro-kubernetes-csi-external-attacher-1.32pkg:apk/chainguard/eks-distro-kubernetes-csi-external-attacher-fips-1.29pkg:apk/chainguard/eks-distro-kubernetes-csi-external-attacher-fips-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-provisioner-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-provisioner-1.31pkg:apk/chainguard/eks-distro-kubernetes-csi-external-provisioner-1.32pkg:apk/chainguard/eks-distro-kubernetes-csi-external-provisioner-fips-1.29pkg:apk/chainguard/eks-distro-kubernetes-csi-external-provisioner-fips-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-resizer-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-resizer-1.31pkg:apk/chainguard/eks-distro-kubernetes-csi-external-resizer-1.32pkg:apk/chainguard/eks-distro-kubernetes-csi-external-resizer-fips-1.29pkg:apk/chainguard/eks-distro-kubernetes-csi-external-resizer-fips-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-controller-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-controller-1.31pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-controller-1.32pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-controller-fips-1.29pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-controller-fips-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshotter-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshotter-1.31pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshotter-1.32pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshotter-fips-1.29pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshotter-fips-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-validation-webhook-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-validation-webhook-1.31pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-validation-webhook-fips-1.29pkg:apk/chainguard/eks-distro-kubernetes-csi-external-snapshot-validation-webhook-fips-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-livenessprobe-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-livenessprobe-1.31pkg:apk/chainguard/eks-distro-kubernetes-csi-livenessprobe-1.32pkg:apk/chainguard/eks-distro-kubernetes-csi-livenessprobe-fips-1.29pkg:apk/chainguard/eks-distro-kubernetes-csi-livenessprobe-fips-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-node-driver-registrar-1.30pkg:apk/chainguard/eks-distro-kubernetes-csi-node-driver-registrar-1.31pkg:apk/chainguard/eks-distro-kubernetes-csi-node-driver-registrar-1.32pkg:apk/chainguard/eks-distro-kubernetes-csi-node-driver-registrar-fips-1.29pkg:apk/chainguard/eks-distro-kubernetes-csi-node-driver-registrar-fips-1.30pkg:apk/chainguard/eks-distro-kubernetes-pause-1.30pkg:apk/chainguard/eks-distro-kubernetes-pause-1.31pkg:apk/chainguard/eks-distro-kubernetes-pause-compat-1.30pkg:apk/chainguard/eks-distro-kubernetes-pause-compat-1.31pkg:apk/chainguard/eks-distro-kube-scheduler-1.30pkg:apk/chainguard/eks-distro-kube-scheduler-1.31pkg:apk/chainguard/eks-distro-kube-scheduler-1.32pkg:apk/chainguard/eks-distro-kube-scheduler-fips-1.29pkg:apk/chainguard/eks-distro-kube-scheduler-fips-1.30pkg:apk/chainguard/falco-no-driverpkg:apk/chainguard/grafana-alloypkg:apk/chainguard/grafana-alloy-compatpkg:apk/chainguard/grafana-alloy-fipspkg:apk/chainguard/k3s-1.32pkg:apk/chainguard/k3s-1.33pkg:apk/chainguard/k3s-multicall-1.32pkg:apk/chainguard/k3s-multicall-1.33pkg:apk/chainguard/k3s-static-1.32pkg:apk/chainguard/k3s-static-1.33pkg:apk/chainguard/kubeadm-1.30pkg:apk/chainguard/kubeadm-1.30-defaultpkg:apk/chainguard/kubeadm-1.30-default-compatpkg:apk/chainguard/kube-apiserver-1.30pkg:apk/chainguard/kube-apiserver-1.30-defaultpkg:apk/chainguard/kube-apiserver-1.30-default-compatpkg:apk/chainguard/kube-controller-manager-1.30pkg:apk/chainguard/kube-controller-manager-1.30-defaultpkg:apk/chainguard/kube-controller-manager-1.30-default-compatpkg:apk/chainguard/kubectl-1.30pkg:apk/chainguard/kubectl-1.30-bitnami-compatpkg:apk/chainguard/kubectl-1.30-defaultpkg:apk/chainguard/kubectl-1.30-default-compatpkg:apk/chainguard/kubectl-1.30-iamguarded-compatpkg:apk/chainguard/kubectl-bash-completion-1.30pkg:apk/chainguard/kubelet-1.30pkg:apk/chainguard/kubelet-1.30-defaultpkg:apk/chainguard/kubelet-1.30-default-compatpkg:apk/chainguard/kubelet-fips-1.32pkg:apk/chainguard/kube-proxy-1.30pkg:apk/chainguard/kube-proxy-1.30-defaultpkg:apk/chainguard/kube-proxy-1.30-default-compatpkg:apk/chainguard/kube-proxy-1.32pkg:apk/chainguard/kubernetes-1.30pkg:apk/chainguard/kubernetes-1.30-defaultpkg:apk/chainguard/kubernetes-1.32pkg:apk/chainguard/kubernetes-pause-1.30pkg:apk/chainguard/kubernetes-pause-compat-1.30pkg:apk/chainguard/kube-scheduler-1.30pkg:apk/chainguard/kube-scheduler-1.30-defaultpkg:apk/chainguard/kube-scheduler-1.30-default-compatpkg:apk/chainguard/node-feature-discovery-0.17pkg:apk/chainguard/node-feature-discovery-0.18pkg:apk/chainguard/node-feature-discovery-fips-0.16pkg:apk/chainguard/node-feature-discovery-fips-0.16-gcpkg:apk/chainguard/node-feature-discovery-fips-0.16-kubectl-nfdpkg:apk/chainguard/node-feature-discovery-fips-0.16-masterpkg:apk/chainguard/node-feature-discovery-fips-0.16-topology-updaterpkg:apk/chainguard/node-feature-discovery-fips-0.16-workerpkg:apk/chainguard/nvidia-container-toolkit-nvidia-cdi-hookpkg:apk/chainguard/nvidia-container-toolkit-nvidia-ctkpkg:apk/chainguard/podmanpkg:apk/chainguard/podman-docpkg:apk/chainguard/prometheus-podman-exporterpkg:apk/chainguard/prometheus-podman-exporter-compatpkg:apk/chainguard/rancher-2.10pkg:apk/chainguard/rancher-agent-2.11pkg:apk/chainguard/rancher-agent-2.9pkg:apk/chainguard/rke2-runtime-1.31pkg:apk/chainguard/rke2-runtime-1.31-chartspkg:apk/chainguard/sriov-network-device-pluginpkg:apk/chainguard/sriov-network-device-plugin-entrypointpkg:apk/chainguard/sriov-network-device-plugin-fipspkg:apk/chainguard/virt-api-1.8pkg:apk/chainguard/virt-api-fips-1.8pkg:apk/chainguard/virt-chroot-1.6pkg:apk/chainguard/virt-chroot-1.7pkg:apk/chainguard/virt-chroot-fips-1.6pkg:apk/chainguard/virt-chroot-fips-1.7pkg:apk/chainguard/virt-controller-1.8pkg:apk/chainguard/virt-controller-fips-1.8pkg:apk/chainguard/virt-handler-1.6pkg:apk/chainguard/virt-handler-1.7pkg:apk/chainguard/virt-handler-fips-1.6pkg:apk/chainguard/virt-handler-fips-1.7pkg:apk/chainguard/virt-launcher-1.7pkg:apk/chainguard/virt-launcher-1.8pkg:apk/chainguard/virt-launcher-1.8-virt-freezerpkg:apk/chainguard/virt-operator-1.8pkg:apk/chainguard/virt-operator-fips-1.8pkg:apk/wolfi/buildahpkg:apk/wolfi/cluster-autoscaler-1.31pkg:apk/wolfi/falco-no-driverpkg:apk/wolfi/grafana-alloypkg:apk/wolfi/grafana-alloy-compatpkg:apk/wolfi/k3s-1.32pkg:apk/wolfi/k3s-1.33pkg:apk/wolfi/k3s-multicall-1.32pkg:apk/wolfi/k3s-multicall-1.33pkg:apk/wolfi/k3s-static-1.32pkg:apk/wolfi/k3s-static-1.33pkg:apk/wolfi/kubeadm-1.30pkg:apk/wolfi/kubeadm-1.30-defaultpkg:apk/wolfi/kube-apiserver-1.30pkg:apk/wolfi/kube-apiserver-1.30-defaultpkg:apk/wolfi/kube-controller-manager-1.30pkg:apk/wolfi/kube-controller-manager-1.30-defaultpkg:apk/wolfi/kubectl-1.30pkg:apk/wolfi/kubectl-1.30-defaultpkg:apk/wolfi/kubectl-bash-completion-1.30pkg:apk/wolfi/kubelet-1.30pkg:apk/wolfi/kubelet-1.30-defaultpkg:apk/wolfi/kube-proxy-1.30pkg:apk/wolfi/kube-proxy-1.30-defaultpkg:apk/wolfi/kube-proxy-1.32pkg:apk/wolfi/kubernetes-1.30pkg:apk/wolfi/kubernetes-1.30-defaultpkg:apk/wolfi/kubernetes-1.32pkg:apk/wolfi/kube-scheduler-1.30pkg:apk/wolfi/kube-scheduler-1.30-defaultpkg:apk/wolfi/node-feature-discovery-0.17pkg:apk/wolfi/node-feature-discovery-0.18pkg:apk/wolfi/nvidia-container-toolkit-nvidia-cdi-hookpkg:apk/wolfi/nvidia-container-toolkit-nvidia-ctkpkg:apk/wolfi/podmanpkg:apk/wolfi/podman-docpkg:apk/wolfi/prometheus-podman-exporterpkg:apk/wolfi/prometheus-podman-exporter-compatpkg:apk/wolfi/rancher-2.10pkg:apk/wolfi/rancher-agent-2.11pkg:apk/wolfi/rancher-agent-2.9pkg:apk/wolfi/sriov-network-device-pluginpkg:apk/wolfi/sriov-network-device-plugin-entrypointpkg:golang/github.com/opencontainers/runcpkg:rpm/almalinux/aardvark-dnspkg:rpm/almalinux/buildahpkg:rpm/almalinux/buildah-testspkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/containers-commonpkg:rpm/almalinux/container-selinuxpkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/criu-develpkg:rpm/almalinux/criu-libspkg:rpm/almalinux/crunpkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/netavarkpkg:rpm/almalinux/oci-seccomp-bpf-hookpkg:rpm/almalinux/podmanpkg:rpm/almalinux/podman-catatonitpkg:rpm/almalinux/podman-dockerpkg:rpm/almalinux/podman-gvproxypkg:rpm/almalinux/podman-pluginspkg:rpm/almalinux/podman-remotepkg:rpm/almalinux/podman-testspkg:rpm/almalinux/python3-criupkg:rpm/almalinux/python3-podmanpkg:rpm/almalinux/runcpkg:rpm/almalinux/skopeopkg:rpm/almalinux/skopeo-testspkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/toolboxpkg:rpm/almalinux/toolbox-testspkg:rpm/almalinux/udicapkg:rpm/opensuse/alloy&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/alloy&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/buildah&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/runc&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/runc&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/runc&distro=openSUSE%20Tumbleweedpkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/buildah&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/podman&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP6pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP7pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/podman&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/podman&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/runc&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP6pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/runc&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/runc&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/runc&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/runc&distro=SUSE%20Linux%20Micro%206.2
< 1.7.4-r2+ 296 more
- (no CPE)range: < 1.7.4-r2
- (no CPE)range: < 1.42.0-r1
- (no CPE)range: < 1.31.5-r4
- (no CPE)range: < 1.31.5-r5
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 1.31.35-r1
- (no CPE)range: < 1.32.28-r1
- (no CPE)range: < 1.29.53-r1
- (no CPE)range: < 1.30.46-r1
- (no CPE)range: < 0.43.0-r0
- (no CPE)range: < 1.11.3-r1
- (no CPE)range: < 1.11.3-r1
- (no CPE)range: < 1.11.3-r2
- (no CPE)range: < 1.32.9.1-r2
- (no CPE)range: < 1.33.5.1-r2
- (no CPE)range: < 1.32.9.1-r2
- (no CPE)range: < 1.33.5.1-r2
- (no CPE)range: < 1.32.9.1-r2
- (no CPE)range: < 1.33.5.1-r2
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.32.9-r3
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.32.9-r2
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.32.9-r2
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 0.17.4-r2
- (no CPE)range: < 0.18.3-r1
- (no CPE)range: < 0.16.9-r2
- (no CPE)range: < 0.16.9-r2
- (no CPE)range: < 0.16.9-r2
- (no CPE)range: < 0.16.9-r2
- (no CPE)range: < 0.16.9-r2
- (no CPE)range: < 0.16.9-r2
- (no CPE)range: < 1.18.1-r0
- (no CPE)range: < 1.18.1-r0
- (no CPE)range: < 5.6.2-r3
- (no CPE)range: < 5.6.2-r3
- (no CPE)range: < 1.19.0-r3
- (no CPE)range: < 1.19.0-r3
- (no CPE)range: < 2.10.10-r3
- (no CPE)range: < 2.11.7-r1
- (no CPE)range: < 2.9.12-r2
- (no CPE)range: < 1.31.13.2.1-r2
- (no CPE)range: < 1.31.13.2.1-r2
- (no CPE)range: < 3.10.0-r2
- (no CPE)range: < 3.10.0-r2
- (no CPE)range: < 3.10.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.6.4-r1
- (no CPE)range: < 1.7.2-r1
- (no CPE)range: < 1.6.4-r1
- (no CPE)range: < 1.7.2-r1
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.6.4-r1
- (no CPE)range: < 1.7.2-r1
- (no CPE)range: < 1.6.4-r1
- (no CPE)range: < 1.7.2-r1
- (no CPE)range: < 1.7.4-r2
- (no CPE)range: < 1.8.3-r2
- (no CPE)range: < 1.8.3-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.42.0-r1
- (no CPE)range: < 1.31.5-r4
- (no CPE)range: < 0.43.0-r0
- (no CPE)range: < 1.11.3-r1
- (no CPE)range: < 1.11.3-r1
- (no CPE)range: < 1.32.9.1-r2
- (no CPE)range: < 1.33.5.1-r2
- (no CPE)range: < 1.32.9.1-r2
- (no CPE)range: < 1.33.5.1-r2
- (no CPE)range: < 1.32.9.1-r2
- (no CPE)range: < 1.33.5.1-r2
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.32.9-r2
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.32.9-r2
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 1.30.14-r7
- (no CPE)range: < 0.17.4-r2
- (no CPE)range: < 0.18.3-r1
- (no CPE)range: < 1.18.1-r0
- (no CPE)range: < 1.18.1-r0
- (no CPE)range: < 5.6.2-r3
- (no CPE)range: < 5.6.2-r3
- (no CPE)range: < 1.19.0-r3
- (no CPE)range: < 1.19.0-r3
- (no CPE)range: < 2.10.10-r3
- (no CPE)range: < 2.11.7-r1
- (no CPE)range: < 2.9.12-r2
- (no CPE)range: < 3.10.0-r2
- (no CPE)range: < 3.10.0-r2
- (no CPE)range: < 1.2.8
- (no CPE)range: < 2:1.10.1-2.module_el8.10.0+3909+6e1c1eb7
- (no CPE)range: < 2:1.33.12-2.module_el8.10.0+4023+db236c53
- (no CPE)range: < 2:1.33.12-2.module_el8.10.0+4068+0e21408f
- (no CPE)range: < 84.1-1.module_el8.10.0+4016+efd18bf8
- (no CPE)range: < 3:2.1.10-1.module_el8.10.0+3970+8445edf6
- (no CPE)range: < 1:1.4.0-6.module_el8.10.0+4016+efd18bf8
- (no CPE)range: < 2:1-82.module_el8.10.0+3876+e55593a8
- (no CPE)range: < 2:2.229.0-2.module_el8.10.0+3909+6e1c1eb7
- (no CPE)range: < 3.18-5.module_el8.10.0+3901+4b80ecd7
- (no CPE)range: < 3.18-5.module_el8.10.0+3926+f12484f5
- (no CPE)range: < 3.18-5.module_el8.10.0+4016+efd18bf8
- (no CPE)range: < 3.18-5.module_el8.10.0+4016+efd18bf8
- (no CPE)range: < 1.14.3-2.module_el8.10.0+3845+87b84552
- (no CPE)range: < 1.13-1.module_el8.10.0+4047+545787c4
- (no CPE)range: < 4.4.0-2.module_el8.10.0+3876+e55593a8
- (no CPE)range: < 4.4.0-2.module_el8.10.0+3909+6e1c1eb7
- (no CPE)range: < 2:1.10.3-1.module_el8.10.0+4023+db236c53
- (no CPE)range: < 1.2.10-1.module_el8.10.0+4068+0e21408f
- (no CPE)range: < 4:4.9.4-23.module_el8.10.0+4068+0e21408f
- (no CPE)range: < 4:4.9.4-23.module_el8.10.0+4068+0e21408f
- (no CPE)range: < 4:4.9.4-23.module_el8.10.0+4047+545787c4
- (no CPE)range: < 4:4.9.4-23.module_el8.10.0+4068+0e21408f
- (no CPE)range: < 4:4.9.4-23.module_el8.10.0+4068+0e21408f
- (no CPE)range: < 4:4.9.4-23.module_el8.10.0+4047+545787c4
- (no CPE)range: < 4:4.9.4-23.module_el8.10.0+4068+0e21408f
- (no CPE)range: < 3.18-5.module_el8.10.0+3970+8445edf6
- (no CPE)range: < 4.9.0-3.module_el8.10.0+4016+efd18bf8
- (no CPE)range: < 4:1.2.5-3.el9_6
- (no CPE)range: < 2:1.14.5-4.module_el8.10.0+4047+545787c4
- (no CPE)range: < 2:1.14.5-4.module_el8.10.0+4047+545787c4
- (no CPE)range: < 1.2.3-1.module_el8.10.0+4047+545787c4
- (no CPE)range: < 0.0.99.5-2.module_el8.10.0+3845+87b84552
- (no CPE)range: < 0.0.99.5-2.module_el8.10.0+3858+6ad51f9f
- (no CPE)range: < 0.2.6-21.module_el8.10.0+4068+0e21408f
- (no CPE)range: < 1.12.2-160000.1.1
- (no CPE)range: < 1.12.2-2.1
- (no CPE)range: < 1.39.5-160000.1.1
- (no CPE)range: < 4.9.5-150500.3.56.2
- (no CPE)range: < 5.4.2-160000.3.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.3.3-160000.1.1
- (no CPE)range: < 1.3.3-1.1
- (no CPE)range: < 1.12.2-150700.15.15.1
- (no CPE)range: < 1.12.2-160000.1.1
- (no CPE)range: < 1.12.2-160000.1.1
- (no CPE)range: < 1.39.5-160000.1.1
- (no CPE)range: < 1.39.5-160000.1.1
- (no CPE)range: < 4.9.5-150300.9.63.2
- (no CPE)range: < 4.9.5-150300.9.63.2
- (no CPE)range: < 4.9.5-150400.4.59.2
- (no CPE)range: < 4.9.5-150400.4.59.2
- (no CPE)range: < 4.9.5-150500.3.56.2
- (no CPE)range: < 4.9.5-150500.3.56.2
- (no CPE)range: < 4.9.5-150300.9.63.2
- (no CPE)range: < 4.9.5-150300.9.63.2
- (no CPE)range: < 4.9.5-150400.4.59.2
- (no CPE)range: < 4.9.5-150400.4.59.2
- (no CPE)range: < 4.9.5-150500.3.56.2
- (no CPE)range: < 4.9.5-150500.3.56.2
- (no CPE)range: < 4.9.5-150500.3.56.2
- (no CPE)range: < 4.9.5-150300.9.63.2
- (no CPE)range: < 4.9.5-150400.4.59.2
- (no CPE)range: < 4.9.5-150500.3.56.2
- (no CPE)range: < 5.4.2-160000.3.1
- (no CPE)range: < 4.9.5-150300.9.63.2
- (no CPE)range: < 4.9.5-150400.4.59.2
- (no CPE)range: < 4.9.5-150500.3.56.2
- (no CPE)range: < 5.4.2-160000.3.1
- (no CPE)range: < 4.9.5-9.1
- (no CPE)range: < 5.4.2-160000.3.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-16.67.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.3.3-160000.1.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.2.7-150000.80.1
- (no CPE)range: < 1.3.3-160000.1.1
- (no CPE)range: < 1.2.7-16.67.1
- (no CPE)range: < 1.3.3-1.1
- (no CPE)range: < 1.3.3-slfo.1.1_1.1
- (no CPE)range: < 1.3.3-160000.1.1
- opencontainers/runcv5Range: < 1.2.8
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-9493-h29p-rfm2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-31133ghsaADVISORY
- github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522ghsax_refsource_MISCWEB
- github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66ghsax_refsource_MISCWEB
- github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9fghsax_refsource_MISCWEB
- github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64ghsax_refsource_MISCWEB
- github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.